I guess an Application would be an Agent. Application role names could
either be scoped, i.e. "ApplicationName.RoleName" or I could generate a
unique id for the Role.getName() and add a special "applicationRoleName"
attribute. Then create a custom relationship between the Appplication's
Agent and each role.
That sound right? Should I scope the name, or generate a unique id and
add an attribute?
On 6/10/2013 6:28 PM, Bill Burke wrote:
> I'm trying to figure out how to do the following scenario with the
> IdentityManager API:
>> * A realm with N users
> * A realm which manages X applications
> * Each application has Y roles
> * Users have role mappings for each of those roles
>> I'll need to be able to query:
>> * What are the applications in the realm
> * What roles does a service have
> * What are the role mappings for each service for a particular user
>> It looks like a Role only has a name. So, I can't have "admin" role for
> each of my services and different role mappings per service. Would I
> have to model this as different "partitions"? I see that you can create
> "partitions", but how do you create relationships between "partitions"
> or share users between partitions?
>>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com